Wei can not delete the private key even delete the app

Wei can not delete the private key even delete the app. After I created a wallet in Wei, there is no option to create another one or delete the current one. Even I deleted the app, reinstalled, the wallet is still there.

I see a hidden question in your narrative - you are curious if this is safe, right? As Wei wallet is the rare kind of beast among non-custodian wallets that has both iOS and Android implementation, which one did you observe this behavior from?

If the private key/seed is available after the app is deleted and reinstalled, the key might have been stored on iCloud.

There's another possibility: it used to be that data saved to the keychain is retained after app deletions, but that wasn't a documented behavior (and hence not to be relied on, especially for private keys) and iOS supposedly have started deleting keychain data upon app deletions a few years ago, which is good for privacy — it had been used to track users across app installs. Maybe the behavior isn't consistent.

I'd love to know if it actually stores the key on iCloud. it's easy to verify that. Can you test it by deleting the WEI wallet from one iOS device and install it on another with the same iCloud account?

Installing on other device under same icloud account doesn't work.

Wei wallet looks like this repo https://github.com/popshootjapan/WeiWallet-iOS. The icons match. I can't get it to build, but i skimmed the code and it doesn't back up to iCloud indeed. I've also tried accessing it from another iOS device and it doesn't retain the wallet.

I create a simple test project to verify and at least on iOS 13 beta, keychain records aren't deleted after the app is released. It should still be secure though, since access is still controlled by app ID (which requires a signed provisioning profile from Apple). Just unexpected.

Still, undocumented behaviour.

I consider it a security flaw, because a copy of user's secret existed when/where the user didn't expect it to exist.

We'll have the same flaw with the iOS version of AlphaWallet too, though it wouldn't be reflected in the UI. I think we can talk about this after the current sprint. But I'll file a bug with Apple.